J.P. Morgan Privacy Statement for Merchant Services

Commitment to Privacy and Security
Merchant Services, through its operating entities Paymentech, LLC, WePay, Inc., Chase Paymentech Europe Limited, WePay Payments Ltd. and Chase Paymentech Solutions Inc. (collectively, “Merchant Services”), is committed to safeguarding the privacy and security of the personal information it collects. This Privacy Statement explains Merchant Services’ policies and practices with respect to the handling of personal information. This Privacy Statement shall be read and is provided in addition to other privacy policies or statements you receive or encounter from the JPMorgan Chase & Co. family of companies; please know that this policy controls for purposes of your accounts or relationships with Merchant Services.

Circumstances Where We Collect Information
Merchant Services’ customers are businesses and other legal entities desiring to accept credit or debit cards or other payment methods, as payment for goods or services or as donations (“Merchants”). Merchant Services does not provide services for consumer, personal, family or household purposes and generally does not have direct relationships with, or collect information directly from, individual consumers. The personal information we receive and collect, as described below, relates to our Merchants (and their owners and operators), the payment transactions we help Merchants execute, and representatives of prospective or potential business customers interested in learning more about our services.

Circumstances where Merchant Services collects information, including personal information, include the following:

Browsing our Websites. When you browse our websites, we collect information as described in the online privacy policy or statement applicable to that website.

Your Inquiries. When you complete and submit a form or otherwise provide us with personal information about you on our websites, or contact us by e-mail, fax, or telephone, Merchant Services stores the inquiries and their contents. Merchant Services, pursuant to applicable law, may record or monitor telephone calls for various business purposes, including quality assurance, training, and record keeping.

Opening an Account or Using Our Services. When you submit an application to become a Merchant, you will be required to provide us with certain information about your business, and its owners and officers, which also act as guarantors of the Merchant’s obligations. Personal information we collect about owners, officers and guarantors includes name and personal contact information, date of birth, tax identification number and ownership information. When you open an account or submit an application, Merchant Services also obtains and stores credit, financial and other personal information about your business, and its officers, owners and guarantors from consumer reporting agencies, credit bureaus, relevant financial institutions, and other entities.

From Customers of Our Merchants. If a consumer purchases a product or service from a Merchant using a credit or debit card, or any other method of payment for which we provide the Merchant with transaction processing services, the consumer will likely provide that Merchant with certain personal information including, for example, the consumer’s name, credit card number and transaction information. Our Merchants transmit some of this information (“Order Information”) to us in connection with processing the transaction.

From Our Partners. If an online platform provides Merchant Services integrated with the platform’s own services, the platform provides us with information about our shared users, such as length of the relationship and purpose of the payments.

Merchant Services is a global business and therefore we transmit, transfer, store or process personal information to, or through, other countries in the world, as we deem necessary, appropriate, and in accordance with applicable legal, contractual or regulatory obligations. When we do, we take appropriate steps to protect the confidentiality and security of the personal information in accordance with this Privacy Statement. Our employees, affiliates and third parties we engage to provide services on our behalf are responsible for complying with the data protection requirements set forth in this Privacy Statement.

Use and Disclosure of Information
Merchant Services uses, retains and discloses personal information to (i) comply with any applicable legislation requiring Merchant Services to obtain, verify, and record information that identifies each entity with which it establishes a Merchant relationship; (ii) evaluate your eligibility for a Merchant account, which involves disclosure to consumer reporting agencies, commercial credit bureaus, and relevant financial institutions; and (iii) as required or permitted by law. Merchant Services also uses your information to contact you about other Merchant Services offerings and services, as well as offerings and services of our affiliates. If you are, or become a Merchant, Merchant Services discloses your information, and information about your officers, directors and guarantors during the course of providing such services to card associations, banks and other financial institutions involved in the course of processing or screening the transaction, and to third parties that have contracted with Merchant Services to perform certain functions of our services on our behalf. Merchant Services uses or discloses your personal information for the additional purposes of facilitating and completing merchant-initiated or authorized transactions; complying with local laws, including credit reporting laws and card association rules; assisting in preventing fraud; informing you about general company news, product updates and developments, card association rules, and industry trends; offering you products and services of interest to you; or as otherwise permitted by your agreements with us, your consent, or as required by applicable law.

Examples where we use and disclose information include:

Service Providers. Merchant Services provides personal information to outside organizations as necessary to provide requested services. Our contracts with such third parties require that any information that we provide to them is kept confidential and used solely for the purposes of providing the services that they have been contracted with to provide.

Government Inquiries. We share information with regulatory authorities and law enforcement officials when we believe such disclosure is necessary to comply with legal requirements. We share information with third parties where appropriate to protect against fraud or verify or enforce our terms of use, our other rights, or other applicable policies.

Referral Programs. Where a Merchant is referred to Merchant Services by a referral partner, Merchant Services shares Merchant information, including name, location, Merchant ID, transaction volume, card summary and Merchant status, with the referral partner as necessary to administer the referral arrangement, including to calculate fees, determine Merchant’s continued eligibility for the referral program and any preferred pricing, and servicing and managing the Merchant’s account.

Integrated Payments. Where an online platform provides Merchant Services integrated with the platform’s own services, Merchant Services shares with the platform information about our shared users, including their personal information. The online platform can use and disclose the information in accordance with applicable laws, rules, regulations, and the online platform’s own privacy policy.

Order Information. When we provide processing services to our Merchants, we disclose Order Information to banks, other processors, credit and debit card organizations and associations, and other financial institutions involved in effecting the transaction represented by the Order Information. In addition, we disclose some or all of the information we collect to our affiliated companies or to non-affiliated third parties where necessary or appropriate to comply with local laws or the rules and regulations of the respective card organizations or other payment entities.

De-identified information. We also use and disclose data we collect or generate on an aggregate or de-identified basis (such that it does not identify any individual Merchant or card holder) for business purposes, where permissible under applicable laws and regulations.

Protection of Cardholder and Merchant Data
Merchant Services has implemented various measures, in accordance with applicable laws, rules and regulations such as the Payment Card Industry Data Security Standards (“PCI-DSS”), to help ensure the security and confidentiality of cardholder and Merchant data. These measures include appropriate administrative, technical and physical safeguards designed to protect against anticipated threats or hazards to the security or integrity of such information and against unauthorized access to or use of such information.

Retention of Information
Merchant Services retains the personal information it collects as long as necessary for the fulfillment of the purposes for which it was collected, subject to reasonable legal limitation periods, statutory or regulatory retention requirements and legitimate business requirements.

Merchant Services will use reasonable efforts to ensure that personal information which is no longer required will be disposed of or destroyed in a secure manner.

Personal Information
For the purpose of this Privacy Statement, “personal information” means information that identifies, is identifiable to, or can be used to identify an individual alone or in combination with other information, as more particularly defined in applicable privacy legislation. Personal information does not include aggregate information that cannot be associated with a specific individual, and in certain jurisdictions, it also excludes business contact information.

Modifications to Privacy Statement
We continue to review our policies and procedures to assure they are effective in meeting our commitments to our Merchants. Accordingly, we may change this Privacy Statement from time to time. When we do, we will let you know by appropriate means such as by posting the revised statement on this page with a new “Last Modified” date. All changes will become effective when posted unless indicated otherwise.

For Our European Economic Area (EEA) and Canadian Merchants

EEA Merchants.
Paymentech, LLC provides certain processing services in the U.S. for its European affiliate, Chase Paymentech Europe Limited (“CPEL”), and WePay, Inc. similarly provides processing services in the U.S. for its European affiliate, WePay Payments Ltd. (“WPL”). As a result, Merchant Services, its affiliates and service providers processes personal data of EEA based data subjects inside and outside of the EEA, including in the United States, in accordance with applicable Data Protection regulations. We handle such personal information in accordance with our EMEA Data Privacy Policy and our Global Privacy Code.

Under applicable Data Protection regulations, and as described in our EMEA Data Privacy Policy, you have certain rights with respect to our processing of your personal information.

Canadian Merchants.
Merchant Services and its affiliates and service providers process personal information inside and outside of Canada, including in the United States, and can be required by Canadian or foreign law to provide personal information to governments, courts, national security, law enforcement or regulatory agencies in certain circumstances.

The file containing your personal information will be maintained at our offices or on our servers, or those of our third party service providers. Authorized employees, mandataries and agents of Merchant Services who have a legitimate purpose for accessing the information and require it in the course of their duties will have access to your personal information.

You can withdraw your consent to our collection, use or disclosure of personal information at any time (subject to legal or contractual restrictions and reasonable notice) by contacting our Chief Privacy Officer using the information listed below. However, if you withdraw your consent to certain collections, uses or disclosure of your personal information, Merchant Services may be unable to provide services. You can request access to or correction of your personal information at any time by contacting our Chief Privacy Officer. We take steps to verify your identity before granting access or making corrections. You can also contact our Chief Privacy Officer with any questions about how we handle personal information, including with respect to our use of service providers outside of Canada.

Contact Information
If you have any questions about this Privacy Statement, please contact us.